Monthly Archives: June 2007

Zimbra recently won the eWEEK Excellence Award for Enterprise Collaboration for its next-generation messaging and collaboration suite. MxToolBox is excited about this award because Zimbra is the collaboration component that helps to power our FlexBox Managed Email Service. We chose Zimbra as our collaboration software because it is an innovative groupware system that scales up without degraded performance, and it plays well with our dedication to innovation and superior performance. Of course, we have combined Zimbra with our best-in-class security solution, our “we cross the line” service philosophy, and several sprinkles of the secret sauce to provide a hassle-free, reliable, secure, high-performance managed email service like no other.

FlexBox Managed EMail is a full Exchange replacement with shared/synchronized contacts, calendars, email and mobile devices. The system synchronizes with Outlook, so your users don’t have to learn a whole new bag of tricks. It also has a few added features that Exchange doesn’t (wikis, for example)…oh, and the web client is like a dream (think of the best of Outlook, combined with the best of Gmail).

Speaking of FlexBox, stay tuned in the weeks and months ahead for some upcoming announcements that promise to be as exciting as they will be groundbreaking.

The FLOWGO RBL has gone offline. As a result all IP Addresses are now “listed.” Anyone who is using FLOWGO as an anti-spam measure on their server should remove it. If you receive a bounce message saying your mail was rejected due to listing on FLOWGO, please contact the recipient email administrator and advise them that FLOWGO is now offline.

We have removed FLOWGO from our lookup tool as of 7:30 AM CST. However, after FLOWGO went offline sometime last night, our server monitoring tool sent out notices to roughly 1000 of our monitoring customers. If you received one of these alerts, you can disregard it.
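A blacklist that answers for every address, as FLOWGO did, can be caught before it starts rejecting legitimate mail by probing the two test entries RFC 5782 defines: 127.0.0.2 must always be listed and 127.0.0.1 must never be. The following is an added example, not MxToolBox's code; the zone names and the fake resolver's answers are constructed for illustration.

```python
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: 192.0.2.1 -> 1.2.0.192.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolve(name):
    """Return an A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # covers socket.gaierror (NXDOMAIN, timeout, ...)
        return None

def dnsbl_health(zone, resolve=system_resolve):
    """Classify a zone using the RFC 5782 test entries."""
    must_list = resolve(dnsbl_query_name("127.0.0.2", zone))
    must_not_list = resolve(dnsbl_query_name("127.0.0.1", zone))
    if must_not_list is not None:
        # An answer for 127.0.0.1 means the zone answers for anything:
        # every sender would be rejected as "listed".
        return "lists-everything"
    if must_list is None:
        # No answer even for the mandatory test entry: the zone is
        # unreachable or empty and is filtering nothing.
        return "dead"
    return "healthy"

def usable_zones(zones, resolve=system_resolve):
    """Keep only the zones that are safe to reject mail on."""
    return [z for z in zones if dnsbl_health(z, resolve) == "healthy"]

def fake_resolve(name):
    """Constructed resolver standing in for DNS so the example runs offline."""
    if name.endswith(".wildcard.example"):   # hypothetical zone gone wildcard
        return "127.0.0.2"
    if name == "2.0.0.127.healthy.example":  # hypothetical working zone
        return "127.0.0.2"
    return None                               # everything else: NXDOMAIN

if __name__ == "__main__":
    for zone in ("healthy.example", "wildcard.example", "gone.example"):
        print(zone, dnsbl_health(zone, fake_resolve))
```

Run against the real resolver on a schedule, a check like this lets a mail server drop a zone from its configuration automatically instead of waiting for bounce reports.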

Spammers and hackers are turning to a new technique to defeat anti-spam appliances and, in some cases, knock email servers offline. Spam Spikes is an attack method where a domain’s email servers are flooded with thousands and thousands of messages for a prolonged period of time. The spike messages are typically image spam. The combination of image spam and high volume can quickly overwhelm concentrated security appliances. If that happens, an email server is defenseless and can easily be knocked offline by the continued barrage. This is the curious part, though, because it seems to defeat the purpose of the attack, which is to spread spam and malware. Once the mail server is offline, the spam is no longer being delivered. This leads one to conclude that Spam Spikes are double-edged weapons. On the one hand, they can be used to overwhelm anti-spam appliances and get spam messages into inboxes. On the other, they can be used as a tool of malicious attack to bring down a mail server.

From our perspective, Spam Spikes seem to be an odd tool for spammers to employ, as they send out a loud signal over a prolonged period of time. Conventional wisdom holds that spammers are very reluctant to expose their botnets with loud attacks.

To protect against spam spikes (and for the best protection from email spam and viruses), administrators should consider trading their self-managed, concentrated, single-point-of-filtering, local network-attached hardware for a distributed, off-network filtering service. There are many reasons why we feel that a distributed, off-network filtering service is far superior. Relative to this discussion, the managed service is far less likely to be overwhelmed by a spike, because there are multiple filtering servers (in the case of our service, thousands). With the concentrated, local hardware/software there is a single point of filtering and thus a bottleneck and a single point of failure.

In a variation on a classic social engineering spam scampaign (scam campaign), Spammers/Hackers (we call them “spackers” around here) are circulating two scams with emails purporting to be from the US Internal Revenue Service (IRS).

In one scam, the email claims to be from the IRS Business Complaint Arbitration Service. The message claims that someone has filed a complaint against the target’s business and that the IRS can help arbitrate the matter. The email contains an attachment titled “comlaint,” which is a trojan known as backdoor.robofo. The IRS does not provide dispute arbitration services and has no Business Complaint Arbitration Division.

In the other scam, the email claims to be from the IRS’s Criminal Investigation Unit. The email says that the target is under investigation for filing a false return. Like the first scam, the email includes a trojan attachment titled “Complaint.”

That’s good advice. Users should note that the IRS almost never sends email and certainly does not send unsolicited email or notices of action via email. Surely none of our readers are surprised to hear that there is an IRS spam scam circulating. This is one of the oldest tricks in the spamming book. The interesting question is why? People (targets) are more likely to take an action that the spacker wants them to if a) they believe that the email is from an authoritative source (for better or for worse, that explains the IRS), b) their defenses are lowered due to fear or urgency (being on the IRS’s naughty list does that), and c) the timing is right. In the case of timing, IRS scam emails always ramp up before tax day and continue afterwards.

Yes, the email crap continues to flow through the net, but, look on the bright side, at least we all have a good excuse to delete any email that seems to come from the IRS without looking at it!

A keylogger program on the Carson City, California City Treasurer’s laptop recorded city financial account passwords and allowed hackers to transfer $450,000 in funds to bank accounts in North Carolina and Michigan. City officials quickly noticed the missing monies and were able to freeze all but $45,000 of the funds.

A study by Forrester Research predicts that spammers’ use of Artificial Intelligence (AI) to automatically create endless variations of spam campaigns and delivery avenues, in order to evade detection and stay ahead of many spam filters, will increase in the coming months.

An email disguised as a message from the IRS is targeting corporate executives’ information. The email contains a Rich Text File (RTF) titled complaint.rtf, which, if opened, downloads a trojan to the executive’s computer. The trojan steals login passwords and sends them to a remote server.

The Anti-Phishing Working Group (APWG) reports that the number of phishing URLs detected in April was 55,643, almost double the previous record total.

April also saw a departure from phishing URLs targeted almost exclusively at stealing login information for Financial Institutions to a broader focus, including Financial Institutions, Social Networking, VOIP, and Email.

Robert Alan Soloway was arrested in Seattle on Wednesday. Dubbed “The Spam King” by authorities, Soloway allegedly spammed tens of millions of messages. Most of these contained links to websites where his company, Newport Internet Marketing, sold products and services.

Soloway was once listed in Spamhaus’s Top 10 list of spammers and is still in the group’s list of 135 internationally known spammers. If convicted, Soloway will face a maximum sentence of 65 years with fines up to $250K.

Upon his arrest, writers at publications across the globe suggested that the level of spam would fall dramatically. However, in reality, Soloway was only responsible for a very small percentage of global spam. His place as an uber-spammer has long been filled by Eastern European spam gangs. In fact, spam levels have not decreased at all in the two days following his arrest.

The most positive effect of his arrest is the message it sends to any spammers or would-be spammers operating in the US. Now if we could just get the Russians and Ukrainians to follow suit…